ceph dashboard #3

Supports: focal groovy hirsute

Description

Enable the ceph dashboard on the ceph mon units


Overview

The ceph-dashboard charm deploys the Ceph Dashboard, a built-in web-based Ceph management and monitoring application.

Usage

Configuration

This section covers common and/or important configuration options. See file config.yaml for the full list of options, along with their descriptions and default values. See the Juju documentation for details on configuring applications.

grafana-api-url

Sets the url of the grafana api when using embedded graphs. See Embedded Grafana Dashboards

public-hostname

Sets the hostname or address of the public endpoint used to access the dashboard.

enable-password-policy

Sets whether certain password restrictions are enforced when a user is created or changes their password.

password-*

There are a number of password-* options which impose constraints on which passwords can be used. These options are ignored unless enable-password-policy is set to True.

Deployment

We are assuming a pre-existing Ceph cluster.

Deploy the ceph-dashboard as a subordinate to the ceph-mon charm.

juju deploy ceph-dashboard
juju add-relation ceph-dashboard:dashboard ceph-mon:dashboard

TLS is a requirement for this charm. Enable it by adding a relation to the vault application:

juju add-relation ceph-dashboard:certificates vault:certificates

See Managing TLS certificates in the OpenStack Charms Deployment Guide for more information on TLS.

Note: This charm also supports TLS configuration via charm options ssl_cert, ssl_key, and ssl_ca.

Embedded Grafana Dashboards

To enable the embedded grafana dashboards within the Ceph dashboard some additional relations are needed.

juju add-relation ceph-dashboard:grafana-dashboard grafana:dashboards
juju add-relation ceph-dashboard:prometheus prometheus:website
juju add-relation ceph-mon:prometheus prometheus:target
juju add-relation ceph-osd:juju-info telegraf:juju-info
juju add-relation ceph-mon:juju-info telegraf:juju-info

Grafana, Telegraf and Prometheus should be related in the standard way

juju add-relation grafana:grafana-source prometheus:grafana-source
juju add-relation telegraf:prometheus-client prometheus:target
juju add-relation telegraf:dashboards grafana:dashboards

When Grafana is integrated with the Ceph Dashboard it requires TLS, so add a relation to Vault (the grafana charm also supports TLS configuration via ssl_* charm options):

juju add-relation grafana:certificates vault:certificates

Grafana should be set with the following charm options:

juju config grafana anonymous=True
juju config grafana allow_embedding=True

The grafana charm also requires the vonage-status-panel and grafana-piechart-panel plugins. The Grafana charm install_plugins config option should be set to include URLs from which these plugins can be downloaded. They are currently available from https://storage.googleapis.com/plugins-community. For example:

juju config grafana install_plugins="https://storage.googleapis.com/plugins-community/vonage-status-panel/release/1.0.11/vonage-status-panel-1.0.11.zip,https://storage.googleapis.com/plugins-community/grafana-piechart-panel/release/1.6.2/grafana-piechart-panel-1.6.2.zip"

Telegraf should be set with the following charm options:

juju config telegraf hostname="{host}"

Note: The above command is to be invoked verbatim; no substitution is required.

Currently the dashboard cannot autodect the api endpoint of the grafana service, so the end of the deployment run the following:

juju config ceph-dashboard  grafana-api-url="https://<IP of grafana unit>:3000"

Enabling Prometheus Alerting

To enable Prometheus alerting, add the following relations:

juju add-relation ceph-dashboard:prometheus prometheus:website
juju add-relation ceph-mon:prometheus prometheus:target
juju add-relation ceph-dashboard:alertmanager-service prometheus-alertmanager:alertmanager-service
juju add-relation prometheus:alertmanager-service prometheus-alertmanager:alertmanager-service

Actions

This section lists Juju actions supported by the charm. Actions allow specific operations to be performed on a per-unit basis. To display action descriptions run juju actions --schema add-user. If the charm is not deployed then see file actions.yaml.

  • add-user
  • delete-user

Documentation

The OpenStack Charms project maintains two documentation guides:

Bugs

Please report bugs on Launchpad.

Object Gateway

To enable object gateway management add the following relation:

juju relate ceph-dashboard:radosgw-dashboard ceph-radosgw:radosgw-user

NOTE: On Octopus or earlier the dashboard can only be related to one ceph-radosgw application.


Configuration

audit-api-enabled
(boolean) Log requests made to the dashboard REST API to the Ceph audit log.
audit-api-log-payload
(boolean) Include payload in Ceph audit logs. audit-api-enabled must be set to True to enable this.,
True
debug
(boolean) Control debug mode. It is recommended that debug be disabled in production deployments.
enable-password-policy
(boolean) Enable password policy
True
grafana-api-url
(string) URL of grafana api. The url must be using https.
motd
(string) Message of the day settings. Should be in the format "severity|expires|message". Set to "" to disable.
password-policy-check-complexity
(boolean) Check password meets a complexity score of password-policy-min-complexity. See https://docs.ceph.com/en/latest/mgr/dashboard/#password-policy
True
password-policy-check-exclusion-list
(boolean) Reject password if it contains a word from a forbidden list.
True
password-policy-check-length
(boolean) Reject password if it is shorter then password-policy-min-length
True
password-policy-check-oldpwd
(boolean) Reject password if it matches previous password.
True
password-policy-check-repetitive-chars
(boolean) Reject password if password contains consecutive repeating charachters.
True
password-policy-check-sequential-chars
(boolean) Reject password if it contains a sequence of sequential characters. e.g. a password containing '123' or 'efg' would be rejected.
True
password-policy-check-username
(boolean) Reject password if username is included in password.
True
password-policy-min-complexity
(int) Set minimum password complexity score. See https://docs.ceph.com/en/latest/mgr/dashboard/#password-policy
10
password-policy-min-length
(int) Set minimum password length.
8
public-hostname
(string) The hostname or address of the public endpoints created for the dashboard
ssl_ca
(string) SSL CA to use with the certificate and key provided - this is only required if you are providing a privately signed ssl_cert and ssl_key.
ssl_cert
(string) SSL certificate to install and use for API ports. Setting this value and ssl_key will enable reverse proxying, point Neutron's entry in the Keystone catalog to use https, and override any certificate and key issued by Keystone (if it is configured to do so).
ssl_key
(string) SSL key to use with certificate specified as ssl_cert.